Abstract:

Enterprise wide area network (WAN) is a private network that connects the computers and other devices across an organisation's branch locations and the data centers. It forms the backbone of enterprise communication. Currently, multiprotocol label switching (MPLS) is commonly used to provide this service. As a recent alternative to MPLS, software-defined wide area networking (SD-WAN) solutions are being introduced as an IP based cloud-networking service for enterprises. SD-WAN virtualizes the networking service and eases the complexity of configuring and managing the enterprise network by moving these tasks to software and a central controller. The introduction of new technologies causes concerns about their security. Also, this new solution is introduced as a replacement for MPLS, which has been considered secure and has been in use for more than 16 years. Thus, there is a need to analyze the security of SD-WAN, which is the goal of this thesis.

In this thesis, we perform a security analysis of a commercial SD-WAN solution, by finding its various attack surfaces, associated vulnerabilities and design weaknesses. We choose Nuage VNS, an SD-WAN product provided by Nuage Networks, as the analysis target. As a result, many attack surfaces and security weaknesses were found and reported, especially in the Customer Premises Equipment (CPE). In particular, we found vulnerabilities in the CPE's secure bootstrapping method and demonstrated some attacks by exploiting them. Finally, we propose mitigation steps to avoid the attacks.

The results of this thesis will help both the service provider and the SD-WAN solution vendor to know about the attack surfaces and weaknesses of SD-WAN before offering it to their customers. We also help in implementing the temporary countermeasures to mitigate the attacks. The results have been presented to the service provider and the vendor of the SD-WAN product.